fix unconditional helper in kernel-netfilter-x_tables CVE-2016-3134 [released]

Tracked by Jolla (In release)

asked 2017-05-03 12:50:02 +0200

updated 2017-05-03 12:50:49 +0200

lpr

Description

The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.

Patch is available.

Only vulnerable if unprivileged user namespaces are enabled.

CVSS v3 Base Score: 8.4 High

Files affected:

kernel-adaptation-sbj-3.4.108.20161101.1/net/ipv4/netfilter/arp_tables.c lines 353-358 393-403 542-548 583-591

kernel-adaptation-sbj-3.4.108.20161101.1/net/ipv4/netfilter/ip_tables.c lines 168-178 230-240 468-478 705-711 747-755

kernel-adaptation-sbj-3.4.108.20161101.1/net/ipv6/netfilter/ip6_tables.c

The question has been closed for the following reason "released in a software update" by lpr
close date 2017-06-14 18:12:44.393281

Comments

released in 2.1.1.12/Jämsänjoki

lpr ( 2017-06-14 18:12:34 +0200 )
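
The missing offset validation named in the description, as an added example that is not part of the original post and not the kernel's code: a user-space model that bounds-checks every offset in a user-supplied rule blob before following it. The structs `model_entry` and `model_target` and the helpers `check_blob` and `make_entry` are hypothetical simplifications.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for a rule entry and its target header (not the kernel layout). */
struct model_entry  { uint16_t target_offset, next_offset; uint32_t match; };
struct model_target { uint16_t target_size, verdict; };

/* Walk a user-supplied blob: 0 if all offsets are consistent, -1 otherwise. */
int check_blob(const uint8_t *blob, size_t size)
{
    size_t pos = 0;
    while (pos < size) {
        struct model_entry e;
        struct model_target t;
        if (size - pos < sizeof(e))
            return -1;                      /* truncated header */
        memcpy(&e, blob + pos, sizeof(e));  /* blob may be unaligned */
        /* next_offset must cover header + target and stay in the blob (also rejects 0) */
        if (e.next_offset < sizeof(e) + sizeof(t) || e.next_offset > size - pos)
            return -1;
        /* the target must start after the header and fit before next_offset */
        if (e.target_offset < sizeof(e) || e.target_offset > e.next_offset - sizeof(t))
            return -1;
        memcpy(&t, blob + pos + e.target_offset, sizeof(t));
        if (t.target_size < sizeof(t) ||
            t.target_size > (size_t)(e.next_offset - e.target_offset))
            return -1;                      /* target would spill into the next entry */
        pos += e.next_offset;
    }
    return 0;
}

/* Constructed sample: writes one 12-byte entry with caller-chosen offsets. */
size_t make_entry(uint8_t *out, uint16_t target_offset, uint16_t next_offset)
{
    struct model_entry e = { target_offset, next_offset, 0 };
    struct model_target t = { (uint16_t)sizeof(struct model_target), 0 };
    memcpy(out, &e, sizeof(e));
    memcpy(out + sizeof(e), &t, sizeof(t));
    return sizeof(e) + sizeof(t);
}

int main(void)
{
    uint8_t buf[12];
    make_entry(buf, 8, 12);  printf("valid: %d\n", check_blob(buf, sizeof(buf)));
    make_entry(buf, 20, 12); printf("bad target_offset: %d\n", check_blob(buf, sizeof(buf)));
    return 0;
}
```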